SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking

This course is designed as a logical progression point for those who have completed SEC560: Network Penetration Testing and Ethical Hacking, or for those with existing penetration testing experience. Students with the prerequisite knowledge to take this course will walk through dozens of real-world attacks used by the most seasoned penetration testers. The methodology of a given attack is discussed, followed by exercises in a real-world lab environment to solidify advanced concepts and allow for the immediate application of techniques in the workplace. Each day includes a two-hour evening bootcamp to allow for additional mastery of the techniques discussed and even more hands-on exercises.

A sample of topics covered includes weaponizing Python for penetration testers, attacks against network access control (NAC) and VLAN manipulation, network device exploitation, breaking out of Linux and Windows restricted environments, IPv6, Linux privilege escalation and exploit-writing, testing cryptographic implementations, fuzzing, defeating modern OS controls such as ASLR and DEP, return-oriented programming (ROP), Windows exploit-writing, and much more!

Attackers are becoming more clever and their attacks more complex. In order to keep up with the latest attack methods, you need a strong desire to learn, the support of others, and the opportunity to practice and build experience. SEC660 provides attendees with in-depth knowledge of the most prominent and powerful attack vectors and an environment to perform these attacks in numerous hands-on scenarios. This course goes far beyond simple scanning for low-hanging fruit, and shows penetration testers how to model the abilities of an advanced attacker to find significant flaws in a target environment and demonstrate the business risk associated with these flaws.
SEC660 starts off by introducing the advanced penetration concept, and provides an overview to help prepare students for what lies ahead. The focus of section one is on network attacks, an area often left untouched by testers. Topics include accessing, manipulating, and exploiting the network. Attacks are performed against NAC, VLANs, OSPF, 802.1X, CDP, IPv6, VOIP, SSL, ARP, SNMP, and others.

Section two starts off with a technical module on performing penetration testing against various cryptographic implementations. The rest of the section is spent on network booting attacks, escaping Linux restricted environments such as chroot, and escaping Windows restricted desktop environments. Section three jumps into an introduction of Python for penetration testing, Scapy for packet crafting, product security testing, network and application fuzzing, and code coverage techniques.

Sections four and five are spent exploiting programs on the Linux and Windows operating systems. You will learn to identify privileged programs, redirect the execution of code, reverse-engineer programs to locate vulnerable code, obtain code execution for administrative shell access, and defeat modern operating system controls such as ASLR, canaries, and DEP using ROP and other techniques. Local and remote exploits, as well as client-side exploitation techniques, are covered.

The final course section is dedicated to numerous penetration testing challenges requiring you to solve complex problems and capture flags. Among the biggest benefits of SEC660 is the expert-level hands-on guidance provided through the labs and the additional time allotted each evening to reinforce daytime material and master the exercises.
You Will Be Able To
• Perform fuzz testing to enhance your company’s SDL process
• Exploit network devices and assess network application protocols
• Escape from restricted environments on Linux and Windows
• Test cryptographic implementations
• Model the techniques used by attackers to perform 0-day vulnerability discovery and exploit development
• Develop more accurate quantitative and qualitative risk assessments through validation
• Demonstrate the needs and effects of leveraging modern exploit mitigation controls
• Reverse-engineer vulnerable code to write custom exploits

6 Day Program
46 CPEs
Laptop Required
GXPN: Exploit Researcher & Advanced Pen Tester (giac.org/gxpn)

“SEC660 is the right balance between theory and practice; it’s hands-on, not too hard, but also not too easy.” — Anton Ebertzeder, Siemens AG

sans.org/sec660
• Watch a preview of this course
• Discover how to take this course: Online, In-Person

GIAC Exploit Researcher and Advanced Penetration Tester
The GIAC Exploit Researcher and Advanced Penetration Tester certification validates a practitioner’s ability to find and mitigate significant security flaws in systems and networks. GXPN certification holders have the skills to conduct advanced penetration tests and model the behavior of attackers to improve system security, and the knowledge to demonstrate the business risk associated with these behaviors.
• Network Attacks, Crypto, Network Booting, and Restricted Environments
• Python, Scapy, and Fuzzing
• Exploiting Windows and Linux for Penetration Testers